2 Answers
2

You need to check their umask setting as that controls the permissions newly created files get. Most distros set the mask to 022 which will give files group read and world read, but other distros have a more restrictive mask which will only set owner permissions.

As staticsan mentioned, this sounds like a case setting the umask will fix. If you want a finer grained control over permissions without making it so EVERY file that users create get world read, you could use file access control lists to set a default for the public_html directories for other read+execute with

setfacl --set d:o:rx /home*/public_html

Regardless of what umask is set to, if the user can write to that directory, the file defaults will always be o+r(x for directories). Your ls -l output will then look something like:

drwxrwxr-x+ 3 user user 4096
2009-12-02 21:30 public_html/

The plus at the end of the permissions shows there is an ACL, which you can view by using

getfacl public_html

There is a trade-off since now the permissions are not obvious, and you have to getfacl to see more details, but you gain more control over exactly where you want permissions to be different than the global default.